hi everybody... I am working with an application using JDBCRealm for security, but I just can�t to make the logout feature to work!! I had try: response.setHeader("Cache-Control","no-cache"); response.setHeader("Pragma","no-cache"); response.setDateHeader ("Expires", 0); response.setStatus(response.SC_UNAUTHORIZED); response.setDateHeader("Expires","0"); HttpSession sessionid = request.getSession(false); sessionid.invalidate(); From other post here and noting is working, I tried CLOSING the browser and restarting de SERVER (Tomcat) and the users is still logged in!! The only method for the browser asking username and password again is restarting the PC where server is running! Somebody could help me?